Merge branch '3088-cleanup-dns_dnsseckey_create' into 'main'

remove error handling code around dns_dnsseckey_create() Closes #3088 See merge request isc-projects/bind9!5707
2026-05-28 04:34:54 -04:00 · 2022-01-31 19:12:12 +00:00 · 2022-01-31 19:12:12 +00:00 · 9c02bd1021
commit 9c02bd1021
parent c2cf69fcc4 e8ac7cf6ec
4 changed files with 18 additions and 35 deletions
--- a/bin/dnssec/dnssec-signzone.c
+++ b/bin/dnssec/dnssec-signzone.c
@ -417,17 +417,15 @@ keythatsigned(dns_rdata_rrsig_t *rrsig) {
 		DST_TYPE_PUBLIC | DST_TYPE_PRIVATE, directory, mctx, &privkey);
 	if (result == ISC_R_SUCCESS) {
 		dst_key_free(&pubkey);
-		result = dns_dnsseckey_create(mctx, &privkey, &key);
+		dns_dnsseckey_create(mctx, &privkey, &key);
 	} else {
-		result = dns_dnsseckey_create(mctx, &pubkey, &key);
+		dns_dnsseckey_create(mctx, &pubkey, &key);
 	}

-	if (result == ISC_R_SUCCESS) {
-		key->force_publish = false;
-		key->force_sign = false;
-		key->index = keycount++;
-		ISC_LIST_APPEND(keylist, key, link);
-	}
+	key->force_publish = false;
+	key->force_sign = false;
+	key->index = keycount++;
+	ISC_LIST_APPEND(keylist, key, link);

 	isc_rwlock_unlock(&keylist_lock, isc_rwlocktype_write);
 	return (key);
--- a/lib/dns/dnssec.c
+++ b/lib/dns/dnssec.c
@ -1267,7 +1267,7 @@ dns_dnssec_signs(dns_rdata_t *rdata, const dns_name_t *name,
 	return (false);
 }

-isc_result_t
+void
 dns_dnsseckey_create(isc_mem_t *mctx, dst_key_t **dstkey,
 		     dns_dnsseckey_t **dkp) {
 	isc_result_t result;
@ -1311,7 +1311,6 @@ dns_dnsseckey_create(isc_mem_t *mctx, dst_key_t **dstkey,

 	ISC_LINK_INIT(dk, link);
 	*dkp = dk;
-	return (ISC_R_SUCCESS);
 }

 void
@ -1492,7 +1491,7 @@ dns_dnssec_findmatchingkeys(const dns_name_t *origin, const char *directory,
 			continue;
 		}

-		RETERR(dns_dnsseckey_create(mctx, &dstkey, &key));
+		dns_dnsseckey_create(mctx, &dstkey, &key);
 		key->source = dns_keysource_repository;
 		dns_dnssec_get_hints(key, now);

@ -1535,11 +1534,10 @@ failure:
 * the keys in the keyset, regardless of whether they have
 * metadata indicating they should be deactivated or removed.
 */
-static isc_result_t
+static void
 addkey(dns_dnsseckeylist_t *keylist, dst_key_t **newkey, bool savekeys,
       isc_mem_t *mctx) {
-	dns_dnsseckey_t *key;
-	isc_result_t result;
+	dns_dnsseckey_t *key = NULL;

 	/* Skip duplicates */
 	for (key = ISC_LIST_HEAD(*keylist); key != NULL;
@ -1568,13 +1566,10 @@ addkey(dns_dnsseckeylist_t *keylist, dst_key_t **newkey, bool savekeys,
 		}

 		key->source = dns_keysource_zoneapex;
-		return (ISC_R_SUCCESS);
+		return;
 	}

-	result = dns_dnsseckey_create(mctx, newkey, &key);
-	if (result != ISC_R_SUCCESS) {
-		return (result);
-	}
+	dns_dnsseckey_create(mctx, newkey, &key);
 	if (key->legacy || savekeys) {
 		key->force_publish = true;
 		key->force_sign = dst_key_isprivate(key->key);
@ -1582,7 +1577,6 @@ addkey(dns_dnsseckeylist_t *keylist, dst_key_t **newkey, bool savekeys,
 	key->source = dns_keysource_zoneapex;
 	ISC_LIST_APPEND(*keylist, key, link);
 	*newkey = NULL;
-	return (ISC_R_SUCCESS);
 }

 /*%
@ -1683,7 +1677,7 @@ dns_dnssec_keylistfromrdataset(const dns_name_t *origin, const char *directory,
 		}

 		if (publickey) {
-			RETERR(addkey(keylist, &dnskey, savekeys, mctx));
+			addkey(keylist, &dnskey, savekeys, mctx);
 			goto skip;
 		}

@ -1766,11 +1760,9 @@ dns_dnssec_keylistfromrdataset(const dns_name_t *origin, const char *directory,

 		if (result == ISC_R_FILENOTFOUND || result == ISC_R_NOPERM) {
 			if (pubkey != NULL) {
-				RETERR(addkey(keylist, &pubkey, savekeys,
-					      mctx));
+				addkey(keylist, &pubkey, savekeys, mctx);
 			} else {
-				RETERR(addkey(keylist, &dnskey, savekeys,
-					      mctx));
+				addkey(keylist, &dnskey, savekeys, mctx);
 			}
 			goto skip;
 		}
@ -1787,7 +1779,7 @@ dns_dnssec_keylistfromrdataset(const dns_name_t *origin, const char *directory,
 		 */
 		dst_key_setttl(privkey, dst_key_getttl(dnskey));

-		RETERR(addkey(keylist, &privkey, savekeys, mctx));
+		addkey(keylist, &privkey, savekeys, mctx);
 	skip:
 		if (dnskey != NULL) {
 			dst_key_free(&dnskey);
--- a/lib/dns/include/dns/dnssec.h
+++ b/lib/dns/include/dns/dnssec.h
@ -245,7 +245,7 @@ dns_dnssec_signs(dns_rdata_t *rdata, const dns_name_t *name,
 * rrset.  dns_dnssec_signs() works on any rrset.
 */

-isc_result_t
+void
 dns_dnsseckey_create(isc_mem_t *mctx, dst_key_t **dstkey,
 		     dns_dnsseckey_t **dkp);
 /*%<
@ -253,10 +253,6 @@ dns_dnsseckey_create(isc_mem_t *mctx, dst_key_t **dstkey,
 *
 *	Requires:
 *\li		'dkp' is not NULL and '*dkp' is NULL.
- *
- *	Returns:
- *\li		#ISC_R_SUCCESS
- *\li		#ISC_R_NOMEMORY
 */

 void
--- a/lib/dns/keymgr.c
+++ b/lib/dns/keymgr.c
@ -1768,10 +1768,7 @@ keymgr_key_rollover(dns_kasp_key_t *kaspkey, dns_dnsseckey_t *active_key,
 		}
 		dst_key_setttl(dst_key, dns_kasp_dnskeyttl(kasp));
 		dst_key_settime(dst_key, DST_TIME_CREATED, now);
-		result = dns_dnsseckey_create(mctx, &dst_key, &new_key);
-		if (result != ISC_R_SUCCESS) {
-			return (result);
-		}
+		dns_dnsseckey_create(mctx, &dst_key, &new_key);
 		keymgr_key_init(new_key, kasp, now, csk);
 	} else {
 		new_key = candidate;